Date: Fri, 8 Dec 2000 12:23:06 -0800 (PST) From: wpaul@FreeBSD.ORG (Bill Paul) To: nbrown@iowaone.net (Nicolai L. Brown) Cc: freebsd-questions@freebsd.org Subject: Re: scp only Message-ID: <20001208202307.0CE0E37B401@hub.freebsd.org> In-Reply-To: <Pine.BSF.4.30.0012081325390.18309-100000@everest.iowaone.net> from "Nicolai L. Brown" at "Dec 8, 2000 01:28:07 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> > On Fri, 8 Dec 2000, Nicolas wrote: > > > Hallo, > > > > I want to let a user upload files via scp to one of my machines, but i > > don't want to give him the possibility to log in or start any programs > > except scp. Is there any easy way to achieve this. I can't find such > > an option in the ssh docs. Thanks in advance.. > > You might try giving them a csh shell, and a ~/.login file containing the > word "logout", and owned root:wheel. Also, chown their .cshrc and .tcshrc > files to root:wheel, so they cannot overwrite those with their own via > scp. > > Don't know if this is the best solution, but it will work. No it won't, monkeyboy. Even though the user doesn't have write access to the files, he still owns the directory in which they reside. All he has to do is FTP in and delete or rename them. Chown'ing the user's home directory, would prevent this, but it might screw up other things. I would set the user's shell to /bin/false instead. I'm not sure how sshd will react to this though. -Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001208202307.0CE0E37B401>